#!/bin/sh
# Common parameters
SUBJ="/C=CN/ST=BJ/L=BeiJing/O=MyCompany/CN=MyDomain"

# Generate CA
echo "[+++: ca: ca.key, ca.csr, ca.crt]"
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -batch -subj $SUBJ

# Generate server cert
echo "[+++: server: server.key, server.csr, server.crt]"
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -batch -subj $SUBJ
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

# Generate client cert
echo "[+++: client: client.key, client.csr, client.crt]"
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -batch -subj $SUBJ # "/C=CN/ST=BJ/L=BeiJing/O=MyCompany/CN=MyDomain"
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt

# Generate server.pem
cat server.key server.crt > server.pem

# verify cert
echo "[+++: verify: server.crt]"
openssl verify -CAfile ca.crt server.crt
openssl x509 -noout -text -in server.crt

